The data controller is MBA Services, contactable at hello@mbaledger.com. As a Spanish-based entity, we are subject to GDPR and the Spanish Organic Law on Data Protection (LOPDGDD).
When you create an account, we collect your email address and an encrypted password (or a Google OAuth token if you sign in with Google). This data is stored securely via Supabase.
We collect anonymised analytics data about how you interact with the platform — pages visited, features used, and actions taken (e.g. programs shortlisted, calculator scenarios run). This is collected via PostHog. If you are logged in, events may be associated with your user ID.
Data you enter into the platform — your shortlist, application statuses, key dates, and calculator inputs — is stored in our database. This data is associated with your account and is used solely to provide the service.
If you purchase Premium access, payment is processed by Paddle.com Market Limited. We do not receive or store your card details. Paddle may share with us your email address and a transaction reference for account verification purposes.
We may collect standard server logs including IP address, browser type, and referring URL for security and debugging purposes. This data is not used for profiling.

| Data | Legal Basis |
|---|---|
| Account data (email, password) | Contract — necessary to provide the service |
| User-generated data (shortlist, dates, inputs) | Contract — necessary to provide the service |
| Payment data | Contract — necessary to process your purchase |
| Usage analytics | Legitimate interest — improving the platform |
| Technical / security logs | Legitimate interest — security and fraud prevention |

| Processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and authentication | AWS (EU region) |
| PostHog Inc. | Product analytics | US (EU hosting available) |
| Paddle.com Market Ltd. | Payment processing and tax compliance | UK / Global |
| Netlify Inc. | Web hosting and CDN | US / Global CDN |
| Google LLC | OAuth authentication (if used), Fonts | US / Global |

All processors are either EU-based, covered by the EU-US Data Privacy Framework, or governed by Standard Contractual Clauses (SCCs) ensuring adequate data protection.
MBA Ledger uses the following cookies:
We do not use advertising cookies or sell your data to advertisers.
You have the following rights regarding your personal data:
To exercise any of these rights, email hello@mbaledger.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at aepd.es.
We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), hashed password storage, and row-level security on our database. No system is completely secure; we will notify you in the event of a data breach affecting your personal data as required by GDPR.
MBA Ledger is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at hello@mbaledger.com.
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email. Continued use of the platform constitutes acceptance of the updated policy.
For any privacy-related questions or requests, contact hello@mbaledger.com.